Port Mirroring in 2.1

General pfSense Questions
Log in to reply
  • A

    This is the only post that I've found on this topic.
    http://forum.pfsense.org/index.php/topic,38911.msg200538.html

    I'm currently running pfSense on a little alix2d13 (http://www.pcengines.ch/alix2d13.htm) and it's by far the best little piece of hardware that I've found to run pfSense on a home network (besides a VM, but that's a level of complexity that I don't want to worry with right now). I've got it sitting in between my cable modem and main switch, but there's an extra port on the device that I'm not using. Now, I'm a huge fan of Snort and I know that the package is available on pfSense, but that box is just not powerful enough to handle everything. I'd like to use the extra port as a mirror of the WAN, and attach it to a separate machine all together running Snort.

    I understand that I can go into the shell and create the vif to do this, but is this something we can do from the webui now?

    0
  • stephenw10
    Netgate Administrator

    Hmm, good question. It's certainly now possible to add a span port to the bridge as JimP described in that thread but I'm unsure as to how configurable that is. It doesn't look like you can choose which ports are span ports from the webgui it's a checkbox that looks like it applies to everything. In your case that doesn't matter since you only have the one additional port and you want that to be a span port. Try it and see.

    Steve

    Edit: Just realised upon further investigation that what I wrote above is wrong. You can select which interface is the span port from the drop down. However since it can't be one of the bridge members that means you only have one member on the bridge. Also I don't think you can bring up an interface in monitor mode from the webgui.

    0
  • J

    Sorry to pile on, but I'm looking at the same problem. 
    I want a SPAN port, mirrored off my DMZ port, but I am unable to create the SPAN because it wont let me bridge a single port(DMZ).  Is there a better way to accomplish this?

    I'm thinking I might tinker with the vSwitch and this pfsense is running on ESXi, but I would like to understand how/if pfsense can SPAN a single port not a bridge.  Thanks.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy